
Segregation of Duties Guidelines

This is the current version of this document.

Section 1 - Introduction / Background

(1) These Guidelines set out how the University of Wollongong (“the University”) implements segregation of duties as an internal control measure.

(2) The University has established a system of controls to carry out its operations in an economical, efficient, effective and orderly manner. The primary objectives of the University’s internal control systems are to ensure:

  1. the reliability and integrity of information;
  2. compliance with policies, plans, procedures, laws and regulations;
  3. the safeguarding of assets;
  4. protection against fraud and corruption;
  5. the economical and efficient use of resources; and
  6. the achievement of operational goals.

Section 2 - Scope / Purpose

(3) The key organisational control is the University’s Delegations of Authority Policy. The Delegations of Authority Policy details parameters for specified University officers.


Section 3 - Principles

(4) The following principles have been adopted by the University to ensure effective control:

  1. clearly established lines of responsibility and delegation;
  2. risk assessment and best practice are the basis for evaluation of the control framework;
  3. preference for system-controlled online transactional environments with appropriate security and audit trails;
  4. reconciliation of bank statements, payroll records, accounts receivable records, and other suspense accounts to general ledger records; and
  5. responsibility for initiating business transactions on the University's behalf and for custody of the University's assets is normally separated from responsibility for maintaining the accounting records.

(5) Where the risk is assessed as significant and the above principles require strengthening, the following additional factors apply: 

  1. end-to-end responsibility for any series of financially related transactions to be distributed among two (2) or more staff members or departments;
  2. registration of the receipt, issue and usage of all residual, paper-based, accountable documents, in particular, cheques and receipt books; and
  3. internal audit is responsible for continuing review and study of the internal control system. Non-compliance with established procedures is reported directly to the Vice-Chancellor and President and the Risk, Audit and Compliance Committee.

Section 4 - Segregation of Duties where other measures are insufficient and segregation of duties is required: 

(6) Users with access to create purchase orders or enter accounts payable invoices will not have access to add or change records in the supplier address book. These controls are maintained within the University Enterprise Resource Plan (ERP).

(7) Users with access to manage accounts receivable invoices may have access to add or change customer records in the address book.

(8) Staff who create purchase orders must not approve those purchase orders. That is, a person independent of the purchase order creation must approve the purchase order. This control is maintained within the University ERP.

(9) Staff who create purchase orders may approve receipt of goods for those purchase orders. However, where a material variation to the original purchase order occurs, the variation must be approved by a person independent of the variation to the order and in accordance with the Delegations of Authority Policy.

(10) Staff who enter or review accounts payable invoices must not approve payment of those invoices. Additionally, a user may not review or enter invoices and also approve invoices within the same user group. A person independent of the invoice review process is required to approve invoice payments.

(11) Staff who create accounts receivable invoices may also process credit notes and debt write-offs. However, these transactions must be supported by documentation with sign-off by authorised delegates. Those authorised delegates must not have access to create accounts receivable invoices.

(12) Staff who create general journals and other system journals must not approve those journals for posting to the general ledger. A person independent of the journal creation process is required to approve the posting of journals.


Section 5 - Roles and Responsibilities

(13) Roles and responsibilities are as detailed in these Guidelines.


Section 6 - Definitions

Word/Term | Definition
Segregation of Duties | The practice of dividing tasks and associated privileges related to a business process among multiple staff members to ensure no single individual has control over all aspects of a critical function. This is particularly important in areas such as payroll, finance, procurement, contract management, and human resources. Systems are often used to enforce this separation to prevent fraud and errors.